module.exports = () => {
	// 返回中间件函数
	return async function permission(app, next) {
		if (!app.auth || !app.auth.role.includes('admin') && !app.auth.permission.includes(app.request.pathinfo())) {
			app.throw('FORBIDDEN:禁止访问', null, 1000);
		}
		await next() // 执行后续中间件
	}
}
